l2_packet: Fix bridge workaround for repeater configuration

In repeater configuration, both AP and STA wireless interfaces may be
included into the same bridge. In this case the following race condition
may occur: wpa_supplicant and hostapd are started, then hostapd clients
are connected before wpa_supplicant connects to remote AP. EAPOL packets
between hostapd and its clients are detected by wpa_supplicant on bridge
interface, prematurely disabling the workaround.

One possible option to fix this issue is to check EAPOL destination MAC
in wpa_supplicant and disable workaround only if EAPOL packet on bridge
interface is indeed intended for wpa_supplicant.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
This commit is contained in:
Sergey Matyukevich 2019-10-16 10:44:49 +00:00 committed by Jouni Malinen
parent 9f47fdb6c3
commit 3626e72c8d

View file

@ -171,13 +171,16 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
u8 hash[SHA1_MAC_LEN];
const u8 *addr[1];
size_t len[1];
const struct l2_ethhdr *eth = (const struct l2_ethhdr *) buf;
/*
* Close the workaround socket if the kernel version seems to be
* able to deliver packets through the packet socket before
* authorization has been completed (in dormant state).
*/
if (l2->num_rx_br <= 1) {
if (l2->num_rx_br <= 1 &&
(os_memcmp(eth->h_dest, l2->own_addr, ETH_ALEN) == 0 ||
is_multicast_ether_addr(eth->h_dest))) {
wpa_printf(MSG_DEBUG,
"l2_packet_receive: Main packet socket for %s seems to have working RX - close workaround bridge socket",
l2->ifname);